<?php
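session_start();

require '../conn.php';

// Admin login handler: checks the CAPTCHA, validates the posted name/pass,
// looks the account up in the `admin` table and, on success, sets the
// admin cookies/session and redirects to index.php.
//
// NOTE(review): this file uses the legacy mysql_* extension (removed in PHP 7)
// and expects $conn to be provided by ../conn.php. Moving to mysqli/PDO with
// prepared statements has to start in conn.php, so it is only flagged here.

// Accept only string fields. A missing or array-valued field becomes '' and
// is rejected by the checks below instead of raising notices/warnings.
$user=(isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$pass=(isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
$code=(isset($_POST['safecode']) && is_string($_POST['safecode'])) ? $_POST['safecode'] : '';

// Read the expected CAPTCHA once and discard it, so one solved CAPTCHA cannot
// be replayed across many password guesses.
// NOTE(review): assumes the CAPTCHA generator stores a fresh lower-case value
// in $_SESSION['codea'] whenever login.php is shown again - confirm.
$expected=(isset($_SESSION['codea']) && is_scalar($_SESSION['codea'])) ? (string)$_SESSION['codea'] : '';
unset($_SESSION['codea']);

// Strict comparison: loose != treats numeric-looking strings as numbers.
if ($code==='' || $expected==='' || strtolower($code)!==$expected){
	Msg_Error('验证码错误！');
	exit();
}

// \z instead of $ so that a trailing newline is not accepted.
if (preg_match('/^\w{5,20}\z/',$user)!==1){
	Msg_Error('非法的用户名！');
	exit();
}

// NOTE(review): this restricts passwords to 5-20 word characters, which
// limits password strength; relaxing it depends on how accounts are created.
if (preg_match('/^\w{5,20}\z/',$pass)!==1){
	Msg_Error('非法的密码！');
	exit();
}

// The regex above already limits $user to word characters; escaping is kept
// as defence in depth because the query is built by string interpolation.
$safeUser=mysql_real_escape_string($user,$conn);
$query=mysql_query("select * from admin where a_user='$safeUser'",$conn);
$row=$query ? mysql_fetch_array($query) : false;

// NOTE(review): passwords are stored as unsalted MD5. Migrating to
// password_hash()/password_verify() needs a data migration outside this file.
$passHash=md5($pass);

// One failure path and one message for "unknown user" and "wrong password",
// so the response does not reveal which account names exist.
// Strict !== is required here: with loose !=, two different hex digests that
// both look like exponent-form numbers ("0e" followed by digits) compare equal.
if (!$row || $passHash!==(string)$row['a_pass']){
	Msg_Error('用户名或密码错误！');
	exit();
}

// New session id on privilege change, so a session id fixed before login
// does not carry over to the authenticated session.
session_regenerate_id(true);

// NOTE(review): this token is a fixed function of the username (no secret, no
// randomness). If other pages accept the admin_user cookie on its own as proof
// of login, replace that with a check against server-side session state.
$token=md5('fyphpv1-2015-admin-user-'.$user);

// HttpOnly keeps the cookie out of reach of page scripts. The Secure flag is
// left off because it is not visible here whether the site is served over HTTPS.
setcookie('admin_user',$token,time()+3600*24,'/','',false,true);
setcookie('admin_time',date('Y年m月d日 H:i'));
$_SESSION['adminname']=$token;

// Uses the real username: previously $user had already been overwritten with
// the MD5 token at this point, so the login counter update never matched a row.
mysql_query("update admin set a_count=a_count+1 where a_user='$safeUser'",$conn);

header('Location: index.php');
exit();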



/**
 * Print a centred error box followed by a link back to login.php.
 *
 * The message is written into the HTML as-is (no escaping), so callers
 * must pass only fixed, trusted text and never request data.
 *
 * @param string $str Message to display.
 * @return void
 */
function Msg_Error($str){
	$open='<div style="margin:100px; text-align:center; font-size:14px;">';
	$backLink='<a href="login.php">返回</a>';
	echo $open,$str,'<br /><br />',$backLink,'</div>';
}

?>